ksslpkcs12.cpp
1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2001 George Staikos <staikos@kde.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 
#include <config.h>
#include <ksslconfig.h>

#include <kopenssl.h>

#include <QtCore/QString>
#include <QtCore/QFile>

#include <ksslall.h>
#include <kdebug.h>
#include <ktemporaryfile.h>
#include <kcodecs.h>

#include <assert.h>
#include <unistd.h>
36 
37 #ifdef KSSL_HAVE_SSL
38 #define sk_new kossl->sk_new
39 #define sk_push kossl->sk_push
40 #define sk_free kossl->sk_free
41 #define sk_value kossl->sk_value
42 #define sk_num kossl->sk_num
43 #define sk_dup kossl->sk_dup
44 #define sk_pop kossl->sk_pop
45 #endif
46 
47 
// Creates an empty container: no PKCS#12 structure, key, certificate or CA
// stack is attached until setCert() and parse() are called.
KSSLPKCS12::KSSLPKCS12() {
    kossl = KOSSL::self();

    // Every owned pointer starts out NULL so the destructor and parse() can
    // tell "nothing to free" apart from a live object.
    _caStack = NULL;
    _cert = NULL;
    _pkey = NULL;
    _pkcs = NULL;
}
55 
56 
57 
// Releases everything the object owns: the private key, each certificate on
// the CA stack followed by the stack itself, the PKCS#12 structure, and the
// KSSLCertificate wrapper.
KSSLPKCS12::~KSSLPKCS12() {
#ifdef KSSL_HAVE_SSL
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
    }

    if (_caStack) {
        // Pop until the stack is empty; each popped X509 is freed individually
        // before the (now empty) stack is released.
        while (X509 *entry = sk_X509_pop(_caStack)) {
            kossl->X509_free(entry);
        }
        sk_X509_free(_caStack);
    }

    if (_pkcs) {
        kossl->PKCS12_free(_pkcs);
    }
#endif
    delete _cert;
}
73 
74 
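// Builds a KSSLPKCS12 from a Base64-encoded PKCS#12 blob.
//
// base64   - Base64 text of the DER-encoded PKCS#12 structure.
// password - password handed to parse() through loadCertFile().
//
// Returns a new object owned by the caller, or NULL when the input is empty,
// the temporary file cannot be created or fully written, or loading/parsing
// fails.
//
// NOTE(review): the decoded blob, which carries the private key protected
// only by the PKCS#12 password, is spooled through a temporary file because
// loadCertFile() reads from a path. KTemporaryFile derives from
// QTemporaryFile, whose default is to remove the file on destruction;
// confirm that default is not overridden for this build.
KSSLPKCS12* KSSLPKCS12::fromString(const QString &base64, const QString &password) {
#ifdef KSSL_HAVE_SSL
    // Reject empty input before touching the filesystem at all.
    if (base64.isEmpty()) return NULL;

    const QByteArray der = QByteArray::fromBase64(base64.toLatin1());

    KTemporaryFile ktf;
    if (!ktf.open()) return NULL;

    // A short write or a failed flush would hand loadCertFile() a truncated
    // structure; fail here instead of relying on the parser to notice.
    if (ktf.write(der) != der.size()) return NULL;
    if (!ktf.flush()) return NULL;

    return loadCertFile(ktf.fileName(), password);
#else
    return NULL;
#endif
}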
89 
90 
91 
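// Reads a DER-encoded PKCS#12 file and parses it with the given password.
//
// filename - path of the PKCS#12 file.
// password - password used to decrypt the structure in parse().
//
// Returns a new object owned by the caller, or NULL if the file cannot be
// opened, is not a PKCS#12 structure, or cannot be parsed with the password.
KSSLPKCS12* KSSLPKCS12::loadCertFile(const QString &filename, const QString &password) {
#ifdef KSSL_HAVE_SSL
    QFile qf(filename);
    if (!qf.open(QIODevice::ReadOnly))
        return NULL;

    // fclose() closes the descriptor it wraps. Wrapping QFile's own handle
    // would make QFile close that descriptor a second time on destruction,
    // which can hit an unrelated descriptor opened in between. Give stdio a
    // duplicate so each owner closes exactly one descriptor.
    const int fd = dup(qf.handle());
    if (fd < 0) return NULL;

    // DER is binary data, so open the stream in binary mode.
    FILE *fp = fdopen(fd, "rb");
    if (!fp) {
        ::close(fd);
        return NULL;
    }

    PKCS12 *newpkcs = NULL;
    newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);

    fclose(fp);
    if (!newpkcs) {
        KOSSL::self()->ERR_clear_error();
        return NULL;
    }

    // The new object takes ownership of newpkcs; its destructor frees it.
    KSSLPKCS12 *c = new KSSLPKCS12;
    c->setCert(newpkcs);

    // Now we parse it to see if we can decrypt it and interpret it
    if (!c->parse(password)) {
        delete c;
        c = NULL;
    }

    return c;
#else
    return NULL;
#endif
}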
123 
124 
// Stores the raw PKCS12 pointer; the destructor later releases it with
// PKCS12_free().
//
// NOTE(review): a previously stored structure is overwritten without being
// freed, so calling this twice on one object drops the first pointer.
void KSSLPKCS12::setCert(PKCS12 *c)
{
#ifdef KSSL_HAVE_SSL
    this->_pkcs = c;
#endif
}
130 
131 
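// Re-encrypts the in-memory PKCS#12 structure under a new password.
//
// pold - current password; a null QString is treated as the empty password.
// pnew - new password; a null QString is treated as the empty password.
//
// Returns true when the password was changed, false otherwise (including
// when no PKCS#12 structure is loaded or SSL support is compiled out).
//
// NOTE(review): both passwords are narrowed to Latin-1, so characters
// outside that range are not preserved.
bool KSSLPKCS12::changePassword(const QString &pold, const QString &pnew) {
#ifdef KSSL_HAVE_SSL
    if (!_pkcs) return false;

    // Named locals keep the byte buffers alive for the whole call.
    const QByteArray oldPass = pold.isNull() ? QByteArray("") : pold.toLatin1();
    const QByteArray newPass = pnew.isNull() ? QByteArray("") : pnew.toLatin1();

    // The wrapped OpenSSL call takes non-const char*, hence the casts.
    const int rc = kossl->PKCS12_newpass(_pkcs,
                                         const_cast<char *>(oldPass.constData()),
                                         const_cast<char *>(newPass.constData()));

    // OpenSSL documents PKCS12_newpass() as returning 1 on success and 0 on
    // failure; comparing against 0 reported a failed change as success.
    return rc == 1;
#else
    return false;
#endif
}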
141 
142 
// Decrypts the stored PKCS#12 structure with `pass` and extracts the private
// key, the certificate and the CA stack into this object.
//
// Returns true only when PKCS12_parse() reports success (1) and a
// certificate was produced; any previously parsed state is released first.
//
// NOTE(review): the _pkcs precondition is enforced with assert() only, which
// is compiled out when NDEBUG is defined. The password is narrowed to
// Latin-1 before it reaches OpenSSL.
bool KSSLPKCS12::parse(const QString &pass) {
#ifdef KSSL_HAVE_SSL
    X509 *leaf = NULL;

    assert(_pkcs);   // if you're calling this before pkcs gets set, it's a BUG!

    // Release whatever an earlier parse() left behind.
    delete _cert;
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
    }
    if (_caStack) {
        while (X509 *stale = sk_X509_pop(_caStack)) {
            kossl->X509_free(stale);
        }
        sk_X509_free(_caStack);
    }
    _cert = NULL;
    _pkey = NULL;
    _caStack = NULL;

    const int rc = kossl->PKCS12_parse(_pkcs, pass.toLatin1(), &_pkey, &leaf, &_caStack);

    if (rc != 1) {
        // Failure: forget whatever the out-parameters hold and clear the
        // OpenSSL error queue.
        _caStack = NULL;
        _pkey = NULL;
        kossl->ERR_clear_error();
        return false;
    }

    // kDebug(7029) << "PKCS12_parse success";
    if (!leaf) {
        // Parsed, but the structure carried no certificate.
        return false;
    }

    _cert = new KSSLCertificate;
    _cert->setCert(leaf);
    if (_caStack) {
        _cert->setChain(_caStack);
    }
    return true;
#else
    return false;
#endif
}
183 
184 
// Returns the parsed private key, or NULL if none has been parsed.
// The pointer stays owned by this object: the destructor and the next
// parse() free it, so callers must not free it or keep it past either.
EVP_PKEY *KSSLPKCS12::getPrivateKey()
{
    EVP_PKEY *const key = _pkey;
    return key;
}
188 
189 
// Returns the certificate wrapper created by parse(), or NULL if parse() has
// not succeeded. The object is deleted by the destructor and by the next
// parse(), so the caller only borrows it.
KSSLCertificate *KSSLPKCS12::getCertificate()
{
    KSSLCertificate *const cert = _cert;
    return cert;
}
193 
194 
// Serialises the PKCS#12 structure to DER and returns it Base64-encoded.
// Returns an empty string when the encoder reports a non-positive length or
// SSL support is compiled out.
QString KSSLPKCS12::toString()
{
    QString base64;
#ifdef KSSL_HAVE_SSL
    // First call with a NULL output pointer only reports the encoded length.
    const int derLen = kossl->i2d_PKCS12(_pkcs, NULL);
    if (derLen <= 0) {
        return base64;
    }

    QByteArray der;
    der.resize(derLen);

    // i2d advances the cursor it is given, so pass a scratch pointer rather
    // than the buffer's own address.
    unsigned char *cursor = reinterpret_cast<unsigned char *>(der.data());
    kossl->i2d_PKCS12(_pkcs, &cursor);

    base64 = der.toBase64();
#endif
    return base64;
}
213 
214 
215 
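// Writes the PKCS#12 structure to `filename` in DER form.
//
// Returns true only when the structure was encoded and the stream was
// flushed and closed without error; on any failure the partially written
// file is removed and false is returned.
//
// NOTE(review): the file is created with whatever permissions QFile::open()
// and the process umask produce. It holds private-key material protected
// only by the PKCS#12 password, so callers may want to restrict it to the
// owner.
bool KSSLPKCS12::toFile(const QString &filename) {
#ifdef KSSL_HAVE_SSL
    QFile out(filename);

    if (!out.open(QIODevice::WriteOnly)) return false;

    // fclose() closes the descriptor it wraps; wrap a duplicate so QFile does
    // not close its own handle a second time when it is destroyed.
    const int fd = dup(out.handle());
    FILE *fp = (fd < 0) ? NULL : fdopen(fd, "wb");

    if (!fp) {
        if (fd >= 0) ::close(fd);
        // QFile::remove() uses the original QString path, so names outside
        // Latin-1 are removed correctly as well.
        out.remove();
        return false;
    }

    // Presumably mirrors OpenSSL's i2d_PKCS12_fp(), which returns 1 on
    // success and 0 on failure; treat anything non-positive as an error.
    const bool encoded = kossl->i2d_PKCS12_fp(fp, _pkcs) > 0;

    // Buffered write errors only surface when the stream is flushed/closed.
    const bool closed = (fclose(fp) == 0);

    if (!encoded || !closed) {
        out.remove();
        return false;
    }
    return true;
#else
    return false;
#endif
}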
237 
238 
// Convenience overload: validates for the SSLServer purpose.
KSSLCertificate::KSSLValidation KSSLPKCS12::validate()
{
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return validate(purpose);
}
242 
243 
// Validates the certificate for purpose `p` and then checks that the stored
// private key belongs to it. A key mismatch overrides the certificate result
// with PrivateKeyFailed. Returns NoSSL when SSL support is compiled out.
//
// NOTE(review): _cert is dereferenced without a NULL check; it is only set
// by a successful parse().
KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
#ifdef KSSL_HAVE_SSL
    const KSSLCertificate::KSSLValidation certResult = _cert->validate(p);

    const bool keyMatches =
        (kossl->X509_check_private_key(_cert->getCert(), _pkey) == 1);

    return keyMatches ? certResult : KSSLCertificate::PrivateKeyFailed;
#else
    return KSSLCertificate::NoSSL;
#endif
}
256 
257 
// Convenience overload: revalidates for the SSLServer purpose.
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate()
{
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return revalidate(purpose);
}
261 
262 
// Forwards to KSSLCertificate::revalidate() for purpose `p`.
//
// NOTE(review): unlike validate(p), this path does not re-check that the
// private key matches the certificate, and it dereferences _cert without a
// NULL check.
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p)
{
    const KSSLCertificate::KSSLValidation result = _cert->revalidate(p);
    return result;
}
266 
267 
// Convenience overload: checks validity for the SSLServer purpose.
bool KSSLPKCS12::isValid()
{
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return isValid(purpose);
}
271 
272 
// True only when validate(p) returns KSSLCertificate::Ok; every other
// validation result, including PrivateKeyFailed and NoSSL, yields false.
bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p)
{
    const KSSLCertificate::KSSLValidation outcome = validate(p);
    return outcome == KSSLCertificate::Ok;
}
276 
277 
// Returns the subject of the parsed certificate.
//
// NOTE(review): _cert is dereferenced without a NULL check; it is only set
// by a successful parse().
QString KSSLPKCS12::name() const
{
    const QString subject = _cert->getSubject();
    return subject;
}
281 
282 
283 #ifdef KSSL_HAVE_SSL
284 #undef sk_new
285 #undef sk_push
286 #undef sk_free
287 #undef sk_value
288 #undef sk_num
289 #undef sk_pop
290 #undef sk_dup
291 #endif
292 